Got a credit card? use our Credit Card & Finance Calculators
Thanks to Wasron,jfgw,Rhyd6,eyeball08,Wondergirly, for Donating to support the site
Passwords..UGH!
-
- Lemon Pip
- Posts: 83
- Joined: November 4th, 2016, 1:51 pm
- Has thanked: 56 times
- Been thanked: 10 times
Passwords..UGH!
Being a bit non zealous in thinking g of new passwords on so many sites I visit, I am sick of Apple chiding me and telling me to change passwords and have spent my morning changing ones used too many times. It may be time when I must invest in a decent keeper of Passwords! I expect I will have to pay for a decent one that is easy to use and manage but before I decide I would welcome the advice of experts here. Help!
-
- Lemon Quarter
- Posts: 1340
- Joined: March 27th, 2017, 11:41 am
- Has thanked: 600 times
- Been thanked: 587 times
Re: Passwords..UGH!
It depends a little on the different platforms where you will want to use it, but I recommend taking a look at
Keepass - free but Windows only
KeePassXC - MacOS version of Keepass
Bitwarden - free for 1 or 2 users. Windows/Mac/Mobile
1password - subscription required. Windows/Mac/Mobile
Keepass - free but Windows only
KeePassXC - MacOS version of Keepass
Bitwarden - free for 1 or 2 users. Windows/Mac/Mobile
1password - subscription required. Windows/Mac/Mobile
-
- 2 Lemon pips
- Posts: 249
- Joined: November 14th, 2016, 5:14 pm
- Has thanked: 2 times
- Been thanked: 132 times
Re: Passwords..UGH!
penym wrote:Being a bit non zealous in thinking g of new passwords on so many sites I visit, I am sick of Apple chiding me and telling me to change passwords and have spent my morning changing ones used too many times. It may be time when I must invest in a decent keeper of Passwords! I expect I will have to pay for a decent one that is easy to use and manage but before I decide I would welcome the advice of experts here. Help!
No real need to pay for a good password manager.
I have used Keepass on Windows devices and KeepassXC on Linux/MacOS devices for years. The database format is readable by both versions so I can easily keep them up-to-date across a range of devices including smartphones.
Keepass and it's variants stores a database of your passwords as a file on your machine so it is not a cloud-based service.
HTH
kyu66
https://keepass.info/
https://keepassxc.org/
-
- Lemon Slice
- Posts: 470
- Joined: November 8th, 2016, 1:42 pm
- Has thanked: 223 times
- Been thanked: 210 times
Re: Passwords..UGH!
I'm not an expert by any means, but have done a little research into password managers.
I currently use Bitwarden https://bitwarden.com/ which I switched to from Lastpass when the latter decided to start charging for using their service if you used it on multiple platforms (e.g. phone/tablet/laptop).
I'm happy with what Bitwarden provides. I use it on two laptops, a tablet, my personal android phone and my work-provided iPhone. It synchronises across all these devices. On the mobile devices you install an app and on the laptop/desktop you install browser extensions. I was able to easily migrate all my passwords from my old LastPass account. You can set it to automatically fill in usernames and passwords when you visit saved websites and it does this fairly well and fairly consistently. You can also access your account from their website which could be useful if you're using someone else's computer and need to log in to a site.
Of the the free use password managers I think this is the best, or was for me at the time I did my research. Onepass, LastPass and Dashlane are also good but can cost you.
Of course you can also save your passwords to your browser. This is probably the easiest to implement but this used to be a 'bad idea' as its wasn't very secure - anyone with access to your computer could find your passwords. However, I understand that improvements have now been made and it might not be as bad as it once was. Chrome is often recommended. I don't use it for saving passwords.
I can only talk about what I use. There are many options and you'll have to decide based on what you want to pay and how complex the process is.
Good luck!
I currently use Bitwarden https://bitwarden.com/ which I switched to from Lastpass when the latter decided to start charging for using their service if you used it on multiple platforms (e.g. phone/tablet/laptop).
I'm happy with what Bitwarden provides. I use it on two laptops, a tablet, my personal android phone and my work-provided iPhone. It synchronises across all these devices. On the mobile devices you install an app and on the laptop/desktop you install browser extensions. I was able to easily migrate all my passwords from my old LastPass account. You can set it to automatically fill in usernames and passwords when you visit saved websites and it does this fairly well and fairly consistently. You can also access your account from their website which could be useful if you're using someone else's computer and need to log in to a site.
Of the the free use password managers I think this is the best, or was for me at the time I did my research. Onepass, LastPass and Dashlane are also good but can cost you.
Of course you can also save your passwords to your browser. This is probably the easiest to implement but this used to be a 'bad idea' as its wasn't very secure - anyone with access to your computer could find your passwords. However, I understand that improvements have now been made and it might not be as bad as it once was. Chrome is often recommended. I don't use it for saving passwords.
I can only talk about what I use. There are many options and you'll have to decide based on what you want to pay and how complex the process is.
Good luck!
-
- Lemon Quarter
- Posts: 4112
- Joined: November 4th, 2016, 9:24 am
- Has thanked: 3253 times
- Been thanked: 2855 times
Re: Passwords..UGH!
kyu66 wrote:penym wrote:Being a bit non zealous in thinking g of new passwords on so many sites I visit, I am sick of Apple chiding me and telling me to change passwords and have spent my morning changing ones used too many times. It may be time when I must invest in a decent keeper of Passwords! I expect I will have to pay for a decent one that is easy to use and manage but before I decide I would welcome the advice of experts here. Help!
No real need to pay for a good password manager.
I have used Keepass on Windows devices and KeepassXC on Linux/MacOS devices for years. The database format is readable by both versions so I can easily keep them up-to-date across a range of devices including smartphones.
Keepass and it's variants stores a database of your passwords as a file on your machine so it is not a cloud-based service.
HTH
kyu66
https://keepass.info/
https://keepassxc.org/
As a Keepass user on Windows, Linux and Android for many years, I agree, but a non-expert user might like to consider:
- If stored as a file on the device (as I do) the file needs to be manually copied to each device. And decide which device is considered as the master copy. I think Keepass can use Google Drive, but that is cloud based and I prefer not to do that
- If stored as a file, do you have a reliable backup process?
A cloud-based tool (Lastpass?) might be better (if slightly less secure) than a file-based solution
--kiloran
-
- Lemon Quarter
- Posts: 4490
- Joined: November 4th, 2016, 2:25 pm
- Has thanked: 648 times
- Been thanked: 1266 times
Re: Passwords..UGH!
For non critical passwords the browser option is pretty easy and relatively secure. I use Chrome for that across multiple OS'. One advantage is that it has a built in security checker to see of your various services and/or password have been involved in any data security leaks/breaches.
I have one password that routinely gets flagged up but it's non critical and I can't change it anyway.
For banking and other mission critical password stuff I keep it in my head with a backup on paper and a coded entry on a cross OS platform app (Google Keep) in the archive section - so not immediately visible.
It would make more sense to move to one of the dedicated password systems suggested up thread for the sensitive stuff - but so far I haven't gotten around to it...
I have one password that routinely gets flagged up but it's non critical and I can't change it anyway.
For banking and other mission critical password stuff I keep it in my head with a backup on paper and a coded entry on a cross OS platform app (Google Keep) in the archive section - so not immediately visible.
It would make more sense to move to one of the dedicated password systems suggested up thread for the sensitive stuff - but so far I haven't gotten around to it...
-
- Lemon Quarter
- Posts: 2065
- Joined: November 4th, 2016, 10:32 am
- Has thanked: 5389 times
- Been thanked: 2492 times
Re: Passwords..UGH!
Super critical passwords.
At work, in office, tricky.
If you're like me where the domestic environment is all you deal with and is seriously locked down (no lodgers, no transients, no f*ckwits) there is a lot be said for pen and paper.
Especially with a little bit of misdirection. Such as passwords written in places that you don't expect to see them, and disguised (e.g. in the middle of some notes about the CNO stellar cycle)
And I don't do internet banking. If my bank insisted that I had to, I'd move elsewhere
At work, in office, tricky.
If you're like me where the domestic environment is all you deal with and is seriously locked down (no lodgers, no transients, no f*ckwits) there is a lot be said for pen and paper.
Especially with a little bit of misdirection. Such as passwords written in places that you don't expect to see them, and disguised (e.g. in the middle of some notes about the CNO stellar cycle)
And I don't do internet banking. If my bank insisted that I had to, I'd move elsewhere
-
- Lemon Quarter
- Posts: 1340
- Joined: March 27th, 2017, 11:41 am
- Has thanked: 600 times
- Been thanked: 587 times
Re: Passwords..UGH!
Infrasonic wrote:For non critical passwords the browser option is pretty easy and relatively secure.
Browser stored password are always going to be readable by someone who has physical access to your computer. The bigger issue is can they be remotely read by a malicious website you happen to visit. The current thinking is that browser password storage is designed by world class security experts, who will probably do a better job than some janky browser plugin designed by some company selling a password generator program.
So what I do is let the password generator create/store the password for long term storage, but allow the browser to save passwords to keep things simple day to day.
-
- Lemon Quarter
- Posts: 1340
- Joined: March 27th, 2017, 11:41 am
- Has thanked: 600 times
- Been thanked: 587 times
Re: Passwords..UGH!
SalvorHardin wrote:And I don't do internet banking. If my bank insisted that I had to, I'd move elsewhere
I used to be like that, in the early days internet banking was super sketchy, but now I think it is far safer and more secure than any of the alternatives.
-
- Lemon Quarter
- Posts: 2104
- Joined: November 5th, 2016, 9:37 am
- Has thanked: 469 times
- Been thanked: 1465 times
Re: Passwords..UGH!
SalvorHardin wrote:Super critical passwords.
At work, in office, tricky.
If you're like me where the domestic environment is all you deal with and is seriously locked down (no lodgers, no transients, no f*ckwits) there is a lot be said for pen and paper.
Especially with a little bit of misdirection (passwords written in places that you don't expect to see them, and disguised (e.g. in the middle of some notes about the CNO stellar cycle)
And I don't do internet banking. If my bank insisted that I had to, I'd move elsewhere
I keep my passwords in a notebook. It's simple and not resident on any of the computers I use them on. I then have a method for translating the written password into the real password using a non-trivial character replacement method known only to me, so even if someone steals the notebook they do not have my real passwords.
Works for me! Si
-
- The full Lemon
- Posts: 10439
- Joined: November 4th, 2016, 9:33 am
- Has thanked: 3644 times
- Been thanked: 5272 times
Re: Passwords..UGH!
It's been said that the chance of having a "codebook" stolen by a burglar is much less than the chance of having passwords stolen from your computer. Therefore, I have a number of passwords in cryptic form in a codebook. The passwords also have numbers or characters (not written in the codebook) which are changed regularly. Those elements are written down elsewhere.
For ultra secure things I've been experimenting with passwordcard https://www.passwordcard.org/en
It seems pretty clever, but not terribly convenient.
Most of my banks have a 2 factor authentification system so feel secure.
I am still not at the stage where I feel I can trust any third party system such as those discussed here in case there's a back door entry system. No passwords of any importance are stored on my computer or phone, and I never used the phone for banking.
Arb.
For ultra secure things I've been experimenting with passwordcard https://www.passwordcard.org/en
It seems pretty clever, but not terribly convenient.
Most of my banks have a 2 factor authentification system so feel secure.
I am still not at the stage where I feel I can trust any third party system such as those discussed here in case there's a back door entry system. No passwords of any importance are stored on my computer or phone, and I never used the phone for banking.
Arb.
-
- Lemon Slice
- Posts: 450
- Joined: April 13th, 2017, 11:37 am
- Has thanked: 235 times
- Been thanked: 154 times
Re: Passwords..UGH!
Arborbridge wrote:I am still not at the stage where I feel I can trust any third party system such as those discussed here in case there's a back door entry system. No passwords of any importance are stored on my computer or phone, and I never used the phone for banking.
Keep in mind that there is potential for the same trust issue with any web browser you may use to access online financial services.
I use keepass. I don't name the credentials for the name of the service they're used for, so even if someone gets access to the database, they gain credentials where it is unclear what service they are for.
-
- Lemon Quarter
- Posts: 4760
- Joined: November 14th, 2016, 7:33 pm
- Has thanked: 178 times
- Been thanked: 1377 times
Re: Passwords..UGH!
Passwords are only part of the problem. I find memorable answers even more of a problem. I have seen password managers, but I am yet to find a memorable answer manager. I write clues on a piece of paper that I hide. I also have the clues on a cloud account - a different cloud account to the one that stores my account numbers.
-
- Lemon Quarter
- Posts: 4112
- Joined: November 4th, 2016, 9:24 am
- Has thanked: 3253 times
- Been thanked: 2855 times
Re: Passwords..UGH!
GeoffF100 wrote:Passwords are only part of the problem. I find memorable answers even more of a problem. I have seen password managers, but I am yet to find a memorable answer manager. I write clues on a piece of paper that I hide. I also have the clues on a cloud account - a different cloud account to the one that stores my account numbers.
Keepass can store memorable info (and anything else you want, even files)
--kiloran
-
- The full Lemon
- Posts: 10439
- Joined: November 4th, 2016, 9:33 am
- Has thanked: 3644 times
- Been thanked: 5272 times
Re: Passwords..UGH!
xeny wrote:Arborbridge wrote:I am still not at the stage where I feel I can trust any third party system such as those discussed here in case there's a back door entry system. No passwords of any importance are stored on my computer or phone, and I never used the phone for banking.
Keep in mind that there is potential for the same trust issue with any web browser you may use to access online financial services.
I use keepass. I don't name the credentials for the name of the service they're used for, so even if someone gets access to the database, they gain credentials where it is unclear what service they are for.
True. Indeed with possible leakyness and the potential for hacking or spy software/data logging being placed on one's own computer, I sometimes wonder what the point is of changing passwords frequently or indeed having complex ones. Well, of course it cuts down risk, but if a hacker can see exactly what one is doing we're dooomed.
Arb.
-
- Lemon Quarter
- Posts: 4490
- Joined: November 4th, 2016, 2:25 pm
- Has thanked: 648 times
- Been thanked: 1266 times
Re: Passwords..UGH!
One of the reasons to keep secure boot enabled and things like TPM modules switched on if you have them is it can help prevent rootkit infections, key loggers etc.
You don't have to use passwords - hardware key solutions like USB/NFC U2F are available across many OS platforms now and the list of services that implement them is growing all the time.
You don't have to use passwords - hardware key solutions like USB/NFC U2F are available across many OS platforms now and the list of services that implement them is growing all the time.
-
- The full Lemon
- Posts: 10439
- Joined: November 4th, 2016, 9:33 am
- Has thanked: 3644 times
- Been thanked: 5272 times
Re: Passwords..UGH!
GeoffF100 wrote:Passwords are only part of the problem. I find memorable answers even more of a problem. I have seen password managers, but I am yet to find a memorable answer manager. I write clues on a piece of paper that I hide. I also have the clues on a cloud account - a different cloud account to the one that stores my account numbers.
Do you have clues as to where you hide the clues, though?
-
- The full Lemon
- Posts: 10439
- Joined: November 4th, 2016, 9:33 am
- Has thanked: 3644 times
- Been thanked: 5272 times
Re: Passwords..UGH!
Infrasonic wrote:One of the reasons to keep secure boot enabled and things like TPM modules switched on if you have them is it can help prevent rootkit infections, key loggers etc.
You don't have to use passwords - hardware key solutions like USB/NFC U2F are available across many OS platforms now and the list of services that implement them is growing all the time.
Well, there's the rub. I (and no doubt others) haven't a clue what you are talking about
Some people are really good at this stuff, but most of us just straggle along and hope to learn a few things on the way. Mostly, people just want to use the internet, not spend enternity worrying about it: that's our Nirvana.
Arb.
-
- The full Lemon
- Posts: 12636
- Joined: November 8th, 2016, 7:21 pm
- Been thanked: 2608 times
Re: Passwords..UGH!
Arborbridge wrote:It's been said that the chance of having a "codebook" stolen by a burglar is much less than the chance of having passwords stolen from your computer. Therefore, I have a number of passwords in cryptic form in a codebook. The passwords also have numbers or characters (not written in the codebook) which are changed regularly. Those elements are written down elsewhere.
For ultra secure things I've been experimenting with passwordcard https://www.passwordcard.org/en
It seems pretty clever, but not terribly convenient.
Ingenious. Rather reminds me of the older bank etc. log on security cards, all gone now. I used to like those, simple and straightforward. I suppose their theoretical weakness nowadays is the ubiquity of mobile phone cameras, allowing them to be 'stolen' without needing to remove them. (Same issue with the above?)
Arborbridge wrote:I am still not at the stage where I feel I can trust any third party system such as those discussed here in case there's a back door entry system. No passwords of any importance are stored on my computer or phone...
Same here, no third party involved, I just write them all down. I must have been using Internet banking for years now. Best security: a long enough password.
-
- Lemon Quarter
- Posts: 2574
- Joined: November 5th, 2016, 2:22 am
- Has thanked: 552 times
- Been thanked: 1212 times
Re: Passwords..UGH!
Another +1 for keepass.
I use it on windows and android, with no problem problem.
Memorable answers are stored in it, which lets me have some fun, as questions like "what is your mother's maiden name? or what was your first pet?" no longer have to have true or even sensible answers!
I also store 2FA backup codes and the relevant QR codes in there, so recovering access to sites after losing a phone (with the 2FA generator on it) is a lot less hassle.
Mrs VRD has access to my keepass database, and I to hers, which means if one of us is overtaken by events at least the other can tidy things up... (this last is optional, depending on your situation!)
VRD
I use it on windows and android, with no problem problem.
Memorable answers are stored in it, which lets me have some fun, as questions like "what is your mother's maiden name? or what was your first pet?" no longer have to have true or even sensible answers!
I also store 2FA backup codes and the relevant QR codes in there, so recovering access to sites after losing a phone (with the 2FA generator on it) is a lot less hassle.
Mrs VRD has access to my keepass database, and I to hers, which means if one of us is overtaken by events at least the other can tidy things up... (this last is optional, depending on your situation!)
VRD
Return to “Technology - Computers, TV, Phones etc.”
Who is online
Users browsing this forum: No registered users and 22 guests